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REMARKS 

Applicants submit this Response in response to the final Official Action dated 
October 14, 2005 (the "Official Action"). In this Response, Applicants have amended Claims 1, 
4, 6, 9, 11, 15. 16 and 19. No new matter has been added and, as explained in detail below, no 
new issues are raised by the claim amendments. 

In the Official Action, the Examiner objects to the amendment of Claims 1, 4, 6, 9, 1 1, 
14, 16 and 19 that were introduced in a prior Response dated July 22, 2005. In particular, the 
Examiner contends that the recitations added to independent Claims 1 , 6, 1 1 and 16 relating to 
the host resolution device being adapted to determine the addresses of devices on the network 
when the address does not match the entry in the host table and then supplementing the host table 
with any additional addresses constitutes new matter. The addition of the host resolution device 
to Qaims 1, 4, 6, 9, 1 1, 14, 16 and 19 was then ^parently not considered during the subsequent 
examination of the claims with the independent claims, instead, again being examined in their 
original, unamended form. 

Ind^endent Claims 1, 6, 1 1 and 16 have now been amended to more explicitly 
incorporate the same language as utilized by the specification so as to more clearly demonstrate 
that the claim amendments do not incorporate new matter. For example, independent Claim 1 
has been amended to recite that the ^paratus includes "a host resolution device adapted to issue 
a request to the network to resolve the address when the address does not match an entry in the 
host table and to supplement the host table with the address upon the receipt of a reply to the 
request that indicates that the address is valid". Support for this recitation is provided by, among 
other sources, Figure 9 and paragraphs 105 and 106 of the present application which begin by 
stating "[i]f, in S903B the TP address is not found in the cache, an ARP request is issued, in 
S905A, to the protected LAN requesting an explicit resolution of the decoded address. If, in 
S905B, an ARP reply is received, then the address is deemed valid, and the internal cache is 
updated with this address, shown in S906." 

The other independent claims, that is, independent Claims 6, 1 1 and 16, have been 
amended in a comparable fashion so as to include similar recitations that are also supported at 
least by Figure 9 and paragraphs 105 and 106 of the present application. Moreover, dependent 
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Claims 4, 9, 14 and 19 have been amended to include the same recitations as those set forth by 
the original'set of claims with dependent Claim 4 being only sUghtty amended relative to original 
Claim 4 to take into account the prior recitation of the host resolution device by amended 

independent Claim 1. 

As each of Claims 1, 4, 6, 9. 11, 14, 16 and 19 are disclosed by the application, as 
originally filed, the claim amendments do not introduce new matter. Moreover, the amendments 
to independent Claims 1. 6, 1 1 and 16 more particularly define operations of the host resolution 
device in response to receipt of an address that does not match an entry in the host table relative 
to the claim amendments submitted in the prior Response dated July 22. 2005. Thus. AppUcants 
submit that the current claim amendments do not raise new issues and should therefore be 
substantively considered at this juncture. 

In the Official Action, the Examiner has also (1) rejected Claims 1-24 under 35 U.S.C. 
§ 102(b) as being anticipated by U.S. Patent No. 5,798,706 to Jeffrey A. Kraemer. et al. (the 
"Kraemer '706 patent"). (2) rejected Claims 1-3, 5-8. 10-13, 15-18 and 20-24 under 35 U.S.C. 
§ 102(b) as being anticipated by U.S. Patent No. 6,701 ,432 to Feng Deng, et al. (the "Deng '432 
patent"), and (3) rejected Claims 4, 9, 14 and 19 under 35 U.S.C. §103(a) as being unpatentable 
over the Deng '432 patent in view of the Kraemer '706 patent. Applicants respectfully request 
reconsideration of the present application and allowance of the claims based on the following.' 

At the outset, it is noted that tiie current rejections are substantially similar, if not 
identical, to the rejections set forth by the prior Official Action dated March 22, 2005, since the 
Examiner apparently did not take into consideration the amendments to independent Claims 1, 6, 
11 and 16 introduced by the prior Response dated July 22, 2005 in formulating the current 
rejections under 35 U.S.C. §§ 102(b) and 103(a). Moreover, the Examiner has taken the lack of a 
specific argument to each individual rejection set forth in the prior Official Action dated March 
22, 2005 (and carried over herein) to be a sign of Applicants' agreement with those rejections. 



' As Applicants' remarks with respect to the Examiner's rejections are sufficient to overcome these 

rejections, Apjucants- silence as to assertions by the Exammer in the Official Action or certam requ.«»n^^ 
mky be applicable to such rejections (e.g.. whether a reference constttutes prior art, '?°^^'*t^°"^^°?*J"L^„ 
refoences) is not a concessionby Applicants that such assertions axe accurate or such requirements have been met. 
and Applicants reserve the right to analyze and dispute such in tfie future. 
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Applicants completely disagree with the Exammer's assumption, however, and submit that the 
Examiner should not consider Applicants to agree with any of the rejections raised by either the 
prior Official Action dated March 22, 2005 or the present Official Action. Instead, in response 
to the prior OfiBcial Action dated March 22, 2005, each independent claim was amended, and the 
amended set of claims were then distinguished from the cited references based, at least in part, 
upon the recitations that had been added to the independent claims. Since the independent 
claims had been amended and were not taught or suggested by the cited references, at least for 
those reasons set forth by the prior Response dated July 22, 2005, the original grounds of 
rejections set forth by the Official Action dated March 22, 2005. relative to the original, 
unamended claims were no longer applicable and did not need to be individually addressed. 

As indicated in footnote 1 above, the Response dated July 22, 2005 also explicitly 
indicated in footnote 1 on page 8 that "[a]s AppUcants' remarks with respect to the Examiner's 
rejections are sufficient to overcome these rejections, Applicants' silence as to assertions by the 
Examiner in the Office Action. . .is not a concession by Applicants that such assertions are 
accurate, and AppUcants reserve the right to analyze and dispute such in the future." Thus, not 
only did Applicants not need to respond to each individual assertion raised by the prior Official 
Action dated March 22, 2005, but Applicants explicitly indicated in the prior Response dated 
July 22, 2005 that their silence was not any type of concession and specifically reserved the right 
to further dispute the Examiner's assertions. Thus, the Examiner should not consider any 
assertion raised by the prior Official Action dated March 22, 2005 or the current Official Action 

to have been conceded. 

With respect to the current set of claims, independent Claim 1 recites an apparatus for 

detecting adversarial activity on a network that includes: 

a memory adapted to store a host table; 

a key exchanger adapted to derive a cipher key 

a translator adapted to translate predetermined portions of packet 
header information of a data packet according to a cipher algorithm keyed by the 
cipher key, wherein the predetermined portions include an address; 

a mapping device adapted to map the address to the host table; 

a host resolution device adapted to issue a request to tiie network to 
resolve the address when the address does not match an entry in the host table and 
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to supplement the host table with the address upon receipt of a reply to the request 
that indicates that the address is valid; and « 
an actuator adapted to trigger a security device when the address 
does not match an entry in the host table. 

Neither of the cited references, taken either individually or in combination, teaches or 
suggests the apparatus of amended independent Claim 1. In this regard, the Kraemer '706 patent 
describes a network configuration designed to detect back door communication between a work 
station on the network and device outside of the network. As an example, this back door 
communication could be conducted via a modem associated with a work station that comiects to 
a device outside of the network in a mamier that is mdependent of the gateway through which 
communications with devices outside of the network are intended to flow. According to the 
Kraemer '706 patent, a packet scanner is connected to the network, such as a local area network, 
and compares the source and destination addresses of packets transmitted over the network to 
addresses in two different tables. A first table includes the addresses of the devices on the 
network, while the second table identifies the hardware addresses of the gateways authorized to 
be connected to the network. See column 3, line 46-59 of the Kraemer '706 patent. 

If the source and destination addresses are not included in the tables, the Kraemer '706 
patent describes various event routines bemg performed, which may include logging of 
information relating to die destination and source devices, the content of the packet at the time at 
which the event occurred, and the like. Although tiie Kraemer '706 patent does describe logging 
situations in which the source and destination addresses are not included in a table, die Kraemer 
'706 patent does not teach or suggest issumg a request to the network to resolve the address in 
response to detecting a source address or a destination address that does not match an entry in 
one of the tables and tiiereafler supplementmg one of the tables with the address upon receipt of 
a reply to the request that indicates that the address is valid, as now recited by amended 
independent Claim 1. Indeed, the Kraemer '706 patent does not teach or suggest that the tables 
should be updated, revised or otiierwise modified in instances in which the source and 
destination addresses are not included within the tables. 
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The Kraemer '706 patent does discuss the dynamic constraction of a table of the 
hardware addresses of the authorized gateways connected to the network by use of an ARP 
protocol. See column 4, Unes 48-52 of the Kraemer '706 patent. Moreover, the Kraemer '706 
patent discusses a reverse ARP server that includes a table to permit hardware network addresses 
to be automatically translated to IP addresses. See column 4, Unes 39-44 of the Kraemer '706 
patent. Even though the Kraemer '706 patent generaUy discusses ARP techniques, the Kraemer 
'706 patent foils to teach or suggest issuing a request to the network, be it an ARP request or 
otherwise, to resolve an address when the addr ess does not match an entry in the host table, as 
recited by amended independent Claim I . Indeed, the dynamic construction of a table using an 
ARP protocol is not described by the Kraemer '706 patent to be performed at any particular time 
or in response to any particular action. Additionally, the Kraemer '706 patent fails to teach or 
suggest sup plementing the host table with the addre s s upon receiving a reply to the request that 
indicates that the address is yahd. as now also recited by independent Claim 1. Instead, the 
Kraemer '706 patent describes the dynamic construction of a table using an ARP protocol, but 
does not teach or suggest any supplementation of the host table as in the claimed invention. 

The Deng '432 patent also fails to teach or suggest the apparatus of amended independent 
Claim 1. The Deng '432 patent includes a gateway for screening packets transferred over a 
network. The gateway is described to include a firewall engine and a memory that are coupled 
not only by a memory bus, but also by a local bus to thereby facilitate enhanced communication 
between the firewall engine and the memory. The firewall engine examines incoming packets 
and, in particular, the address of the incoming packets so as to screen the incoming packets in 
accordance with one or more rule sets. While the firewall engine of the Deng '432 patent may 
detect an incoming packet having an address that does not match an anticipated address as 
defined by a respective rule set and may therefore prevent the packet firom entering the network 
protected by the gateway, the Deng '432 patent does not teach or suggest responding to the 
identification of a packet having an address that does not match the address(es) defined by a 
respective rule set by issuing a request to the network to resolve the address and then 
supplementing the addresses included within the rule set with the address if a reply to the request 
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received that indicates that the address is valid, as now recited by amended independent Claim 



Since neither of the cited references teaches or suggests at least a host resolution device 
as recited by amended independent Claim 1, any combination of these references likev^ise fails 
to teach or suggest a host resolution device. Thus, the rejections of amended independent Claim 
1 are overcome, and Applicants respectfully request withdrawal of the rejections of Claim 1. 

Independent Claim 6 recites a method for detecting adversarial activity on a network that 
includes: 

storing a host table; 

deriving a cipher key; r j * 

translating predetermined portions of packet header mfoimation of a data 

packet according to a cipher algorithm keyed by the cipher key. wherem the 

predetermined portions include an address; 

mapping the address to the host table; 

issuing a request to the network to resolve the address when the addreM 
does not match an entry in the host table and supplementing the host table with 
the address upon receipt of a reply to the request that indicates that the address is 

valid; and , , . 

triggering a security device when the address does not match an entry m 

the host table. 

Likewise, independent Claim 1 1 recites a device for detecting adversarial activity on a network 
and includes various means for performing the method of Claim 6. and independent Claim 16 
recites a bastion host adapted for processing packet header information of the data packet and 
operable to perform the method of Claim 6. 

For similar reasons to those described above in conjunction v«th amended independent 
Claim 1 . amended independent Claims 6. 1 1 and 16 are also not taught or suggested by the 
Kraemer '706 patent and the Deng '432 patent, taken either individually or in combination. 
Thus, the rejections of amended independent Claims 6, 11 and 16 are also overcome, and 
AppUcants respectfully request that the rejections of Claims 6. 1 1 and 16 be withdrawn. 

Claims 2-5, 7-10, 12-15 and 17-24, which depend from independent Claims 1, 6, 1 1 and 
16, are also patentably distinct from the cited references, taken either individually or in 
combination, for at least the same reasons as described above in conjunction with their respective 
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base independent claims.^' As such, the rejecrions of the dependent claims are therefore also 
correspondingly overcome, and Applicants respectfoUy request that the rejections of dependent 
Claims 2-5, 7-10. 12-15 and 17-24 be withdrawn. 

m view of the foregoing, it is respectfully submitted that all of the claims of the present 
application are in condition for kmnediate allowance. It is therefore respectively requested that a 
Notice of Allowance be issued. The Examiner is encouraged to contact Applicants' undersigned 
attorney to resolve any remaining issues in order to expedite examination of present application. 

It is not beUeved that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of 
this paper, such extensions are hereby petitioned under 37 CFR § 1 .136(a). and any fee required 
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account No. 07-2347. 



Respectfully submitted. 
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Registration No. 25,648 
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Verizon Corporate Services Group, Inc. 
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600 Hiddenridge, HQE03H14 
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Telephone: (972)718-4800 
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